- I understand that COSO intends to supersede their 1992 Framework as of December 15, 2014, and we expect there will be questions about whether the SEC will provide management with any transition or implementation guidance to change from the existing framework to the new framework.
- COSO has publicly stated its belief that
- users should transition their applications and related documentation to the updated Framework as soon as is feasible under their particular circumstances” and that
- the key concepts and principles embedded in the original framework are fundamentally sound and broadly accepted in the marketplace, and accordingly,
- continued use of the 1992 framework during the transition period (May 14, 2013 to December 15, 2014) is acceptable.”
- COSO further explained “the COSO Board’s goal in updating the original Framework has been:
- to reflect changes in the business and operating environments,
- to formalize more explicitly the principles embedded in the original framework that facilitate development of effective internal control and assessment of its effectiveness, and
- to increase the ease of use when applied to an entity objective.”
- SEC staff plans to monitor the transition for issuers using the 1992 framework to evaluate whether and if any staff or Commission actions become necessary or appropriate at some point in the future.
- However, at this time,
- I’ll simply refer users of the COSO framework to
- the statements COSO has made about their new framework and
- [COSO’s] thoughts about transition.
KPMG's View (Note: This section has been updated from original post)
Significantly, KPMG's Defining Issues Alert further states (bold added for emphasis):
It is our understanding that there will be a period of time beyond December 15, 2014, where the SEC staff does not intend to question the use of the 1992 [COSO] Framework by registrants. While it is uncertain whether the SEC will untimately set a transition date, questions as to why a registrant continues to use a superseded framework become more legitimate with the passage of time.
My two cents
(Please see the disclaimer on the right side of this blog)
Cent one: Some may view Beswick’s remarks as potentially providing some relief – or letting some of the pressure out of the balloon - in what some may view as a still-challenging economic environment. Thus, the SEC may be taking a conservative approach, to avoid being viewed at this particular point in time as adding the ‘long arm of the law’ on top of COSO – which is not a ‘standard-setter’ or regulator per se, but a private sector organization – as far as adding pressure on companies to drive toward any ‘race to the finish’ as was the case with implementation of the SEC and PCAOB rules, particularly in the first year of implementation, under Sarbanes-Oxley Section 404.
In that first year of implementation of Sarbox 404, management, auditors, and outside consultant resources were highly stretched in meeting the initial Sarbox deadline, in addition to normal year-end closing and annual report-related deadlines, and the deadline for smaller public companies to comply with Sarbox was pushed back a number of times.
COSO, in its final guidance released in May, 2013, provided a 17-month transition period for companies to ‘transition’ to the COSO:2013 framework by Dec. 15, 2014; after which, COSO stated, the 1992 COSO framework would be considered “superceded” by the 2013 framework. Some commenters, including FEI’s Working Group on COSO,
had recommended a longer transition period be made available.
Cent two: Beswick is careful to explicitly note in his May 30 remarks at USC that his position is that “at this time” he is referring people directly to COSO’s own words about transition, as stated in COSO’s own documents.
Once again, he notes that the SEC staff will be monitoring companies’ transition from the 1992 framework “to evaluate whether and if any staff or Commission actions become necessary or appropriate at some point in the future.”
I would thus conclude, personally, that the SEC staff’s underlying position, as they often end their remarks, may still be evolving, as to whether they will want to take one of the following approaches to COSO transition:
- “speak softly and carry a big stick”
- “carrot and stick,” or
- “speak from atop the soapbox” approach
.. as far as whether the SEC will “require” or “encourage” companies to abide by COSO’s 12/15/14 “transition” date to a “T”, or provide some flexibility.
I’d like to add here, to correct my prior use of the term ‘effective date’ in previous FEI blog posts on COSO: 2013 – COSO itself does NOT use the term “effective date” – only the term “transition date.” Dec. 15, 2014 is the “transition date” by which time COSO recommends that all companies transition to the COSO: 2013 framework, and that in the interim period, companies with external financial reporting obligations requiring references to the COSO framework (e.g. Sarbox 404 reports referencing the COSO framework) disclose whether the company has applied the COSO ’92 or COSO: 2013 framework.
Cent Two: The fact that Beswick made any statement at all, though, “at this time,” in my mind, is helpful in that it may calm the markets (or at least calm overburdened financial executives) by putting a message out there that the SEC may be open minded and take a wait –and- see approach to monitor how the real-world transition from COSO ‘92 to COSO: 2013 goes - for companies of different sizes, which span different geographies - based on the SEC’s observing that transition as it begins to take place in real time, (a field test by fire, so to speak), rather than issuing an arbitrary edict on top of COSO’s non-authoritative but highly regarded private sector guidance.
So, I’d say, move forward with the initial steps of mapping your current internal control systems based on COSO ’92 to the 17 principles outlined in COSO: 2013, which has been the general, most basic rule of thumb I have been reading and hearing; don’t put your COSO: 2013 implementation on hold, move steadily forward, but keep the popcorn handy as you ‘stay tuned’ for any further word from the SEC.
Posted: 7/22/2013 2:14:00 PM
| with 0 comments
Filed under: COSO internal control framework,Current Financial Reporting Issues,internal control,internal control-integrated framework,KPMG Defining Issues,Paul Beswick,Sarbanes-Oxley Section 404,SEC Chief Accountant,COSO,COSO:2013,IASB,KPMG,PCAOB,Sarbanes-Oxley,Sarbox,SEC,CFRI